• Welcome to ForumKorner!
    Join today and become a part of the community.

Linux root (Protect your server)

Røøt

Member
Reputation
0
Hey guys, A few things I'd like to point out if any one is using a Linux server. First of all, if you're running a Linux server, any were between Linux 2.6.9 - 2.6.24. There is a root exploit out there, which includes VMSPLICE . Basically it's tricking the page with 1,X's, 0's

Code:
+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e6f000 .. 0xb7ea1000

It'd be done a little something like that. Another thing with Linux is that there is a kernel hole, which is strictly local root, so as long as no one is on your connection that can't be abused. But if you're looking to fix that you can use this..

Code:
    Linux 2.6.24.2

commit 1617e66d11d6621824f642728d62f242272fd063
Date:   Sun Feb 10 16:47:57 2008 +0200

    splice: fix user pointer access in get_iovec_page_array()
    
    patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline.
    
    Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
    pointer access verification") added the proper access_ok() calls to
    copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
    from userspace to the kernel.
    
    But we also must check whether we can access the actual memory region
    pointed to by the struct iovec to fix the access checks properly.

Other then that, if your're running those servers there are no launched modules available from user attack (Maybe something like a buffer over flow) so your security is pretty decent.
Hope this helps, enjoy!